MySQL Lists are EOL. Please join:

List:General Discussion« Previous MessageNext Message »
From:Stefan Tryggvason Date:September 5 1999 8:44pm
Subject:Longevity of the PASSWORD() Function
View as plain text  
Hi everyone,

I'm currently coding a large MySQL databased back web site using primarily
PHP3.  Since the site will use a username / password account system, I need
a way of encrypting each users password in the database to up the security
of the site a little.  I am considering using the MySQL PASSWORD function to
accomplish this, but, as I understand it is one way encryption.  This is not
a problem as myself, and the other administrators of the site don't really
need to know the passwords for anyones account.  What would cause problems
however, is if the PASSWORD function was updated in the future, since then,
when passwords entered by users are encrypted to check against the stored
version, they would not be the same.

My question(s) are as follows.
1) If the MySQL PASSWORD function was updated, would the old PASSWORD
function remain?
2) Given that the function is a one way encryption algorithm, what would
happen to peoples existing passwords if the function were updated?
3) Am I on completely the wrong track here, and is there a far better way of
implementing this sort of system.  I have Perl/CGI,C/C++,PHP3 etc access on
my server, but i'm not sure to what degree they will tolerate recompiling
their programs with my extensions and so on.

Thanks for your time...


Stefan Tryggvason

Thread
Longevity of the PASSWORD() FunctionStefan Tryggvason6 Sep
  • Re: Longevity of the PASSWORD() FunctionJules Bean6 Sep
  • RE: Longevity of the PASSWORD() FunctionDon Read6 Sep